Trojan horse backdoor.agent.NRB virus. Unable to delete hidden file.
Everything below is being done from administrator.
I recently attempted to install Nero 7 on a Windows XP Pro SP2 system; the install failed with an error "unable to create c:\windows\system32\nerocom.dll file". Subsequent investigations have led me through a minefield of strange issues.
I have discovered:
- I cannot create any file (under any folder) with a name "xxxCOM.dll"; even a simple text file from Notepad can't be saved with a name containing "com.dll": I get the same error as with the Nero install. I can create files with names like "xxxCOM1.dll, xxxCOM2.dll" but not "xxxCOM.dll".
- I cannot display the security property information for any file on the system that has a name "xxxCOM.dll".
I then ran a variety of virus and spyware tools, with the following results:
- Win Defender - nothing
- SpyBot - nothing
- AVG - continually pops up a threat warning "Trojan horse backdoor.agent.NRB in file c:\windows\system\COM.dll" but AVG can't heal the problem
- NOD32 - does not detect a virus in the file c:\windows\system\COM.dll but issues a message that it cannot open file c:\windows\system\COM.dll
I have formed the opinion that this mysterious file is somehow behind the problems I am having in trying to install Nero/create a file with a name "xxxCOM.DLL" etc. Seems reasonable to me.
This file c:\windows\system\COM.dll is a mysteriously hidden file. Windows Explorer does not show it (and I have all options set properly to display system and hidden files). I have tried booting up in safe mode and entering commands like "attrib c:\windows\system\COM.dll" but they all say "file not found". I have tried specialised PC file management tool packages to walk the NTFS tree and locate it and they can't find it either. I have searched the registry for any references to "com.dll" and found nothing. But both AVG and NOD32 detect the existence of the file (but can't open or delete it).
I am seeking any further suggestions anybody may have on understanding this problem.
I am thinking of trying the following rather radical step as a way of deleting this mysterious "COM.dll" file
- create a new folder "system32new"
- one by one copy every sub-folder and file from the existing system32 folder to the new one using Explorer (on the belief/hope that the mysterious "COM.dll" file will not be copied)
- checking the resultant system32 total storage used vs the system32new storage used and hoping to see a small difference (to account for the fact that the mysterious "COM.dll" file is not present under "system32new")
- then (risky), boot up in safe mode and do 2 commands
  * ren system32 system32old
  * ren system32new system32
- hopefully this will create a new instance of system32 with the mysterious file absent
I am worried there may be unique file identifier linkages present in the registry or other parts of the system which will cause problems with this approach (and I am not even sure the renames will work on system32).
Any comments on this strategy?